From: <Wil...@kc...> - 2003-12-26 15:41:43
If you are talking about just your signatures, you can use oinkmaster-0.9. Add the following line under the SIDs to modify section:

    modifysid * "^alert" | "drop"

Schedule a cron job to run

    oinkmaster.pl -o /snortrulesdir

and then have it stop and start the snort daemon.

I always leave these SIDs disabled due to false positives or personal preference:

    disablesid 534, 533, 2174, 2175, 1448, 466, 1841, 538, 532, 537, 536, 535, 1201, 485, 620, 2087, 663, 882, 884, 1002, 1243, 1852, 1857, 1150, 1456, 1653, 1200, 1288, 1549, 1448, 1042, 2201, 895

Regards,
Will

Bill Warren <bw...@op...>
Sent by: sno...@li...
12/26/2003 09:27 AM
To: Sno...@li...
cc:
Subject: [Snort-inline-users] Keeping the Pig up to date

I just got my Snort-Inline box up and going. It is blocking all sorts of junk. What are some good ways to keep it up to date?

--
**********************************
Bill Warren
Optivel, Inc.
E-mail: bw...@op...
Voice: 317.275.2305
Fax: 317.275.2301
Web: http://www.optivel.com
**********************************
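
Added example, not part of the original thread and not oinkmaster's own code: a check that a cron job could run between the rule update and the snort restart, confirming that every active rule was rewritten to "drop" and that every SID on the disablesid list is commented out. The function name audit, the sample rules and SIDs 1000001/1000002 are constructed for illustration; it assumes disabled rules are commented out with a leading "#".

```python
import re
import sys

# SIDs from the disablesid line in the message above.
DISABLED = {534, 533, 2174, 2175, 1448, 466, 1841, 538, 532, 537, 536, 535,
            1201, 485, 620, 2087, 663, 882, 884, 1002, 1243, 1852, 1857, 1150,
            1456, 1653, 1200, 1288, 1549, 1042, 2201, 895}

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Optional leading '#' (disabled rule), then the rule action keyword.
ACTION_RE = re.compile(r"^\s*(#*)\s*([a-z]+)\s")

def audit(rules_text, disabled=DISABLED):
    """Return (still_alert, not_disabled).

    still_alert:  SIDs of active rules whose action is still 'alert'.
    not_disabled: SIDs on the disable list that are still active.
    """
    still_alert, not_disabled = [], []
    for line in rules_text.splitlines():
        sid = SID_RE.search(line)
        act = ACTION_RE.match(line)
        if not sid or not act:
            continue  # blank line, plain comment, or non-rule directive
        sid = int(sid.group(1))
        if act.group(1):
            continue  # commented out: rule is disabled, nothing to check
        if sid in disabled:
            not_disabled.append(sid)
        elif act.group(2) == "alert":
            still_alert.append(sid)
    return still_alert, not_disabled

# Constructed sample rules (not real signatures).
SAMPLE = """\
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed rule A"; sid:1000001; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"constructed rule B"; sid:534; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"constructed rule C"; sid:1000002; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed rule D"; sid:533; rev:1;)
"""

if __name__ == "__main__":
    # Pass a rules file as the first argument; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    still_alert, not_disabled = audit(text)
    print("active rules still 'alert':", still_alert)
    print("disablesid entries still active:", not_disabled)
    sys.exit(1 if still_alert or not_disabled else 0)
```

A non-zero exit status lets the cron job skip the daemon restart when the updated rules are not in the expected state.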